#Deserialization

PSConfEU

@psconf.eu

2 months ago

- YouTube Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

💣 CLIXML #deserialization in #PowerShell isn't harmless…
At #PSConfEU 2025, Alexander Andersson showed how it enables:
✔ Lateral movement
✔ Privilege escalation
✔ Guest-to-host VM breakouts
🎟️ Early bird 2026 tickets → psconf.eu
#Security #CLIXML

Alexandre Borges

@alexandreborges.bsky.social

3 months ago

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) › Searchlight Cyber This morning, an advisory was released for Next.js about a vulnerability that leads to RCE in default configurations, with no prerequisites. The root cause of this issue lies in React Server Component...

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478):

slcyber.io/research-cen...

#exploit #exploitation #infosec #informationsecurity #cve #rce #hacking #deserialization

Alexandre Borges

@alexandreborges.bsky.social

4 months ago

Making Serialization Gadgets by Hand - .NET | Blog | VulnCheck Creating a language-native .NET source for deserialization gadgets

Making Serialization Gadgets by Hand - .NET:

www.vulncheck.com/blog/making-...

#dotnet #infosec #deserialization #hacking #programming #exploit #exploitation

Hasamba

@hasamba72.bsky.social

4 months ago

Active exploitation observed for WSUS deserialization bug CVE-2025-59287; report from a customer alert on Windows Server Update Services noted by Bas van den Berg. Limited IoCs published. #CVE-2025-59287 #WSUS #deserialization https://bit.ly/49q0nhx

Alexandre Borges

@alexandreborges.bsky.social

4 months ago

Why nested deserialization is STILL harmful – Magento RCE (CVE-2025-54236):

slcyber.io/assetnote-se...

#infosec #cybersecurity #deserialization #rce #exploit #exploitation #cve

Kubernetes

@kubernetes.activitypub.awakari.com.ap.brid.gy

4 months ago

Critical Apache ActiveMQ Flaw Lets Attackers Run Code Remotely A flaw in Apache ActiveMQ’s .NET client lets attackers run code remotely, risking full system compromise for unpatched users. The po...

#News #Threats #.NET #security #Apache #ActiveMQ […]

[Original post on esecurityplanet.com]

BaseFortify.eu

@basefortify.bsky.social

5 months ago

SolarWinds logo over world map silhouette

🚨 Patch bypass alert for SolarWinds Web Help Desk. Unauth attackers can run commands via AjaxProxy deserialization — a new bypass of CVE-2024-28988 (itself a bypass of 28986). Patch fast and lock down access.

🔗 basefortify.eu/cve_reports/...

#SolarWinds #RCE #Deserialization

Checkmarx Zero

@checkmarxzero.bsky.social

6 months ago

Leaked #secrets + a #ViewState weakness gave attackers a foothold to pivot and escalate inside Sitecore. It's a real-world example of App weakness exploitation in action 🧵2/4

#AppSec #DotNet #Deserialization

PSConfEU

@psconf.eu

8 months ago

- YouTube Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

💣 CLIXML #deserialization in #PowerShell isn't harmless…
At #PSConfEU 2025, Alexander Andersson showed how it enables:
✔ Lateral movement
✔ Privilege escalation
✔ Guest-to-host VM breakouts
🎟️ Early bird 2026 tickets → psconf.eu
#Security #CLIXML

TechKeysX

@techkeysx.bsky.social

9 months ago

Using JsonPropertyName to map Json to Class C# Tip #42

How to use the JsonPropertyName attribute in C# to map mismatched JSON fields (like id) to class properties (like UniquePostId) during deserialization. #CSharp #JSON #Deserialization #HttpClient #JsonPropertyName #DataMapping #WebAPI #DotNet

buherator

@buherator.bsky.social

9 months ago

[oss-security] CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default


www.openwall.com ->

I wonder if the now restricted behavior is useful for #deserialization gadgets (I
1/2

@senoritadeveloper.bsky.social

11 months ago

Serialization and Deserialization In Java — What is SerialVersionUID and When to Regenerate It Serialization and Deserialization In Java, SerialVersionUID Generation and How to Auto Add It in IntelliJ IDEA

Serialization and Deserialization In Java — What is SerialVersionUID and When to Regenerate It #java #serialization #deserialization #serialversionuid #intellij #intellijidea senoritadeveloper.medium.com/serializatio...

2rZiKKbOU3nTafniR2qMMSE0gwZ

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

1 year ago

CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities The Cybers...

thecyberexpress.com/cisa-adds-cve-2017-3066-...

#Firewall #Daily #Cyber #News #Vulnerabilities #Adobe #ColdFusion […]

[Original post on thecyberexpress.com]

2rZiKKbOU3nTafniR2qMMSE0gwZ

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

1 year ago

CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities The Cybers...

thecyberexpress.com/cisa-adds-cve-2017-3066-...

#Firewall #Daily #Cyber #News #Vulnerabilities #Adobe #ColdFusion […]

[Original post on thecyberexpress.com]

2rZiKKbOU3nTafniR2qMMSE0gwZ

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

1 year ago

CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities The Cybers...

thecyberexpress.com/cisa-adds-cve-2017-3066-...

#Firewall #Daily #Cyber #News #Vulnerabilities #Adobe #ColdFusion […]

[Original post on thecyberexpress.com]

2rZiKKbOU3nTafniR2qMMSE0gwZ

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

1 year ago

CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities The Cybers...

thecyberexpress.com/cisa-adds-cve-2017-3066-...

#Firewall #Daily #Cyber #News #Vulnerabilities #Adobe #ColdFusion […]

[Original post on thecyberexpress.com]

2rZiKKbOU3nTafniR2qMMSE0gwZ

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

1 year ago

CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities The Cybers...

thecyberexpress.com/cisa-adds-cve-2017-3066-...

#Firewall #Daily #Cyber #News #Vulnerabilities #Adobe #ColdFusion […]

[Original post on thecyberexpress.com]

2rZiKKbOU3nTafniR2qMMSE0gwZ

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

1 year ago

CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities The Cybers...

thecyberexpress.com/cisa-adds-cve-2017-3066-...

#Firewall #Daily #Cyber #News #Vulnerabilities #Adobe #ColdFusion […]

[Original post on thecyberexpress.com]

2rZiKKbOU3nTafniR2qMMSE0gwZ

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

1 year ago

CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities The Cybers...

thecyberexpress.com/cisa-adds-cve-2017-3066-...

#Firewall #Daily #Cyber #News #Vulnerabilities #Adobe #ColdFusion […]

[Original post on thecyberexpress.com]

2rZiKKbOU3nTafniR2qMMSE0gwZ

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

1 year ago

CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities The Cybers...

thecyberexpress.com/cisa-adds-cve-2017-3066-...

#Firewall #Daily #Cyber #News #Vulnerabilities #Adobe #ColdFusion […]

[Original post on thecyberexpress.com]

2rZiKKbOU3nTafniR2qMMSE0gwZ

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

1 year ago

CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities The Cybers...

thecyberexpress.com/cisa-adds-cve-2017-3066-...

#Firewall #Daily #Cyber #News #Vulnerabilities #Adobe #ColdFusion […]

[Original post on thecyberexpress.com]

FunctionalProgramming

@functionalprogramming.activitypub.awakari.com.ap.brid.gy

1 year ago

Is there a simple recursive analogue of this breadth-first binary tree deserialization function i...

stackoverflow.com/questions/79413187/is-th...

#haskell #functional-programming #deserialization #binary-tree […]

FunctionalProgramming

@functionalprogramming.activitypub.awakari.com.ap.brid.gy

1 year ago

Is there a simple recursive analogue of this breadth-first binary tree deserialization function i...

stackoverflow.com/questions/79413187/is-th...

#haskell #functional-programming #deserialization #binary-tree […]

Sharp Coder Blog

@sharpcoderblog.com

1 year ago

Built-in Way of Working with JSON in Unity Code JSON (JavaScript Object Notation) is a widely used data interchange format, and integrating it into Unity can be powerful for handling configurations, saving game progress, o...

Built-in Way of Working with JSON in Unity Code #Unity #Programming #Tutorial #Json #Structure #Serialization #Deserialization #Arrays #Objects #Csharp #Development #Coding #Data #Format

Spix0r

@spix0r.bsky.social

1 year ago

GitHub - Spix0r/django-rce-exploit: A Python tool for exploiting Django RCE via deserialization vulnerabilities in session cookies, allowing remote code execution through forged cookies. A Python tool for exploiting Django RCE via deserialization vulnerabilities in session cookies, allowing remote code execution through forged cookies. - Spix0r/django-rce-exploit

I've just dropped a #Python tool to exploit #Django RCE by leveraging #deserialization in session cookies.

It forges a malicious cookie that executes system commands remotely.

🔗 Check it out here: github.com/Spix0r/djang...

#CyberSecurity #BugBountyTools #RCE #BugBounty #Exploit #BugBountyTips

Erik C. Thauvin

@erik.thauvin.net

1 year ago

The sorry state of Java deserialization

#deserialization #java

www.marginalia.nu/log/a...

Ron Bowes

@iagox86.bsky.social

2 years ago

GreyNoise Labs - Panic!! At the YAML An overview of SnakeYAML deserialiation vulnerabilities (CVE-2022-1471) - how it works, why it works, and what it affects

Before the break, I started looking at CVE-2022-1471 in Confluence et al, which led me learn about SnakeYAML deserialization. It was quite the ride, full of open source drama and related vulns. I wrote it all up in this blog post!

#vuln #vulnerability #poc #java #deserialization #snakeyaml #yaml